#!/bin/bash

# /home/your_username/.gitenc
GITENC_CONF="$HOME/.gitenc"

function toencrypt() {

  if [[ $1 != *.gpg ]] &&
     ([[ $1 == *connection* ]] ||
     [[ $1 == *.conf ]] ||
     [[ $1 == *.cnf ]] ||
     [[ $1 =~ .*sql* ]] ||
     [[ $1 == *.db ]] ||
     [[ $1 == *.bin ]] ||
     [[ $1 =~ .*config* ]]) &&
     [ "$(find "$1" -mmin -1440 -exec echo "true" \;)" == 'true' ];

  then

    # sensitive data filename match; encrypt (if modified within the past 24hrs)
    lockdown "$1"

    # add the encrypted file to git
    git add "$1".gpg

    # remove the original from git tracking
    git reset -- "$1"

    # append the original to .gitignore (if its not already there)
    if [ "$(grep "$1" .gitignore)" == "" ];
    then
      echo "$1" >> .gitignore
      git add .gitignore
    fi

  else

    # normal file, git away
    git add "$1"

  fi

}

function lockdown() {

  # if a previously encrypted file exists, remove it
  rm -f "$1".gpg

  # determine whether or not this system uses gpg or gpg2 package
  if [ -f /usr/bin/gpg ] || [ -f /bin/gpg ];
  then

    GPG_LOC='gpg'

  elif [ -f /usr/bin/gpg2 ] || [ -f /bin/gpg2 ];
  then

    GPG_LOC='gpg2'

  fi

  # to alter the cipher used, append your selection below
  "$GPG_LOC" --batch -c --passphrase-file "$GITENC_CONF" "$1"

}


# a gitenc add argument is passed, validate to see if encryption is needed
if [ "$1" == "add" ];
then

  # preserve original git add functionalities and stage everything by default
  shift
  git add "$@"

    for filename in $(git diff --cached --name-only);
    do

      # only encrypt files modified within the last 24 hours
      toencrypt "$filename"

    done

### setup ###
elif [ "$1" == 'setup' ];
then

  function pw_validate() {

    echo "Enter your preferred password to use for the GPG encryption:"
    read -rs PW_PREF

    if [ "$PW_PREF" == "" ];
    then

      echo "Password must not be blank, try again:"

    fi

    echo "Please re-enter the password, to confirm:"
    read -rs PW_CONFIRM

    if [ "$PW_PREF" != "$PW_CONFIRM" ];
    then

      echo "Passwords do not match.  Try again."
      pw_validate

    fi

  }

  function createconfig() {

    echo "$1" > "$GITENC_CONF"
    echo -e "GPG password saved to $HOME/.gitenc!\nYou can now auto-encrypt your config by running:\n\tgitenc add filename\n\t\tor\n\tgitenc add .\n\n"
    echo -e "To use Gitenc without requiring an absolute path on every command, create a symlink:\n\tsudo ln -s $HOME/gitenc/gitenc /bin/gitenc"
    exit 0

  }


  pw_validate


  # if the directory for config doesn't already exist, create it
  if [ "$PW_PREF" != "" ] && [ ! -f "$GITENC_CONF" ];
  then

    touch "$GITENC_CONF"

    # if a .gitingore doesn't exist, it'll need to be added
    if [ ! -f .gitignore ];
    then

      touch .gitignore

    fi

  else

    echo "Unknown error occured, please submit a bug report: https://notabug.org/angela/gitenc"
    exit 1

  fi

    # assuming.. if we made it this far, there was a successful config creation
    createconfig "$PW_PREF"

elif [ "$1" == "-h" ] ||  [ "$1" == "--help" ] || [ "$1" == "help" ];
then

  echo -e "\n\t\tGITENC USAGE\n\n"
  echo -e "gitenc add filename\nParses the individual added filename for common sensitive filenames (ie. widget.conf or connection.py)\n"
  echo -e "gitenc add . or -A or --all\nParses group filenames for common sensitive filenames (ie. widget.conf or connection.py)\n"
  echo -e "\nExample Cron Usage:\n00 02 * * * cd /home/user/public_html && gitenc add . && git commit -m "Adding new changes" && git push && cd"
  echo -e "\nDecrypt an Encrypted File to the CLI:\ngpg --decrypt filename.gpg"
  echo -e "\nDecrypt an Encrypted File and Make a Physical Copy:\ngpg --output filename.conf --decrypt filename.gpg\n \
  Note: Some systems run gpg as gpg2 - so if running gpg via the command-line interface, try gpg2"

  echo -e "\n\t\tUNINSTALL\n\n \
  - Remove/delete $HOME/gitenc directory\n \
  - Remove/delete $GITENC_CONF file\n \
  - If a symlink was set, remove /bin/gitenc\n"

  echo -e "\n\t\tABOUT\n\n"
  echo -e "Developed by Angela D\n \
  - https://github.com/angela-d\n \
  - https://notabug.org/angela\n
  Code improvements and additional suggestions by alfunx"
else

  # gitenc is not a replacement for git
  echo -e "Command not recognized; you only need to run gitenc in place of 'git add'.. it serves no other purpose.\nRun 'git yourcommand', instead."

fi
